It turns out that interactive Smart Toys are highly hackable | Software Advisory Service

It turns out that interactive Smart Toys are highly hackable

Home > Blog > It turns out that interactive Smart Toys are highly hackable

It turns out that interactive Smart Toys are highly hackable


Are you planning on getting your little one the newest Smart Toys this holiday season? Well, this article might just change your mind.


The Doll That Came In From the Cold


My Friend Cayla is a highly-sought item this Christmas.


This is partly due to spectacular TV commercials - and hefty sums spent on international ad campaigns and influencer marketing. Audrey McClelland, an American mum-blogger, is one of the many influencer who received a My Friend Cayla in exchange for a review.


And with McClelland, the manufacturer clearly got their money’s worth.


What initially attracted her to Cayla, McClelland writes enthusiastically, was that “she actually resembled my little Victoria! A little blonde fashionista with blue eyes!!”


Cayla, which is indeed sporting waist-length golden hair and a pink tutu, is undoubtedly every girl’s dream this Christmas. But there’s something that clearly separates Cayla from the generations of Barbie Dolls that came before her. As McClelland writes in her sponsored blog post: “she’s a SMART DOLL! (...) She can answer questions, play games, tell stories and talk about pictures in her photo albums with the help of her mobile application. It’s absolutely fascinating to see modern toys do amazing things like this! Just spectacular!”


While enthusiastic marketing efforts such as this can dramatically increase the demand for My Friend Cayla and similar Smart Toys, there’s one little detail you should probably be aware of.


Earlier this year, the Federal Network Agency, Germany’s regulatory office, labelled Cayla an illegal espionage apparatus”.



Welcoming hackers and identity thieves


Originally designed to bring happiness and delight to any household, Cayla might also bring with her hackers, spies and identity thieves.


Credible sources can report that several international councils, such as Germany’s Federal Network Agency and the Norwegian Consumer Council, have advised parents to destroy the Smart Dolls they own. Retailers have been informed that they can only sell Cayla, and toys like her, if they can successfully disconnect its ability to connect to the internet. ”This is about protecting the rights of the weakest in society,” says Jochen Homann, the President of Germany’s Federal Network Agency.


You might think this is a huge overreaction, but hear me out. My Friend Cayla uses speech recognition software combined with Google Translate to entertain your child. The doll’s microphone records speech and transmits it via the internet - a function which leaves the doll extremely vulnerable to hackers. As a result, the trusted toys can suddenly be used to spy on your little ones - and to track their exact location.


Are your toys cybersecure?


“Many of these internet-connected devices have trivial ways to bypass security,” explains Javvad Malik from cybersecurity company AlienVault. “Parents have to be aware of what they’re buying and how secure it is.”


Malik’s statement is backed up by another cybersecurity expert, Sarah J. Lewis, who spends the months before Christmas testing the cybersecurity of interactive toys. A majority of these Smart Toys did not take basic steps to ensure that their connection was secure, Lewis argue. She also claims that, in some cases, the toys acted as “uncontrolled spy devices” as the manufacturers had failed to include basic cybersecurity.


And Cayla is far from the only one. It was recently revealed that Furby Connect, made by Hasbro, had a bluetooth feature which could enable anyone within 30 metres of the toy to hijack the connection and use the toy’s microphone to speak to children.


A quick Google search will reward you with sobering results. Plenty of blog posts, in several languages, can provide you with basic step-by-step guides on how to hack My Friend Cayla and “make her say swear words”. While this is obviously meant as pranks, one can only imagine what would happen if a stranger hacked Cayla in order to actually communicate with your child.


For decades, toy makers have attempted to bring toys alive for children. Microphones and camera introduced a certain level of responsiveness, but it was internet connections that truly opened up a new world of possibilities. It all seemed like the perfect solution.


Until it wasn’t.

Back Content Hub

Get Your Free Shortlist!

Recent Content